Printers

Setting up different kinds of servers using Mandrake 7

FTP, Web, file, and print servers: Mandrake 7 can run all of these. During this Guild Meeting, Vincent Danen explained how.


FTP, Web, file, and print servers: Mandrake 7 can run all of these. On July 27th Vincent Danen explained how. If you couldn’t join us then, enjoy the transcript; and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.

FTP, Web, file, and print servers: Mandrake 7 can run all of these. On July 27th Vincent Danen explained how. If you couldn’t join us then, enjoy the transcript; and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.

Note: TechProGuild edits Guild Meeting transcripts for clarity.

Tonight’s Guild Meeting
MODERATOR: Welcome to tonight's TechProGuild Guild Meeting! We are privileged to have Mandrake's (and TechProGuild's) own Vincent Danen to discuss setting up different kinds of servers with Mandrake 7! It looks like our super speaker is here! Let's all give a round of applause to Mr. Vincent Danen! If anyone has any questions tonight, please don't hesitate to ask. No question is too little or too large.

E-commerce solutions
VINCENT DANEN: I guess tonight we're talking about servers under Mandrake. Does anyone have any questions or comments on that subject? I think a few questions would help get things rolling.

JLWALLEN: I have a question: Is Mandrake doing anything like RedHat with e-commerce or secure server solutions?

VINCENT DANEN: Good question, Jack, and a little difficult to answer. I guess the easiest answer is yes and no, and I'll explain why. One of the fellows who works with MandrakeSoft here in Canada is working on a bunch of Internet components for Mandrake, such as Apache, PHP, and so forth. There is a system called AES, or Advanced Extranet Server, which provides the solutions you're thinking of, to some extent.

There is no formal e-commerce solution. But the tools are there to implement anything RedHat may have, or any other program you may want to use (like OpenMerchant, for example). The SSL support is there with the mod_ssl Apache module and with the OpenSSL libraries available. So, yes, the tools for the solution are there, but there is no easy cut-and-dry application or Mandrake "sub-distro" that will provide any specific solution you may look at.

Hosting applications over a WAN
76327.711: Can a Mandrake, or any other Linux server, be used to "host" DOS or Windows applications over a WAN?

VINCENT DANEN: What do you mean, exactly? Are you talking about running Win programs under Wine or something similar?

76327.711: Is Wine a Windows emulator? I would like to install a DOS or Windows accounting program on the Linux server and access it from Windows PCs.

VINCENT DANEN: Yes, Wine is a Win emulator and then there's DOSEMU for DOS as well. I guess it depends on the app. You can do it with Wine, but how well you can do it I can't honestly tell you. I've never had much luck with Wine myself.

JLWALLEN: I can tell you that Wine has a long way to go. You can, however, use VMware (probably the single most remarkable tool to hit the computer software market in a long, long time).

76327.711: Okay. Please explain VMware.

VINCENT DANEN: VMware is a program you run on the Linux machine that basically emulates hardware. It will let you actually run any version of Windows, Linux, or FreeBSD within a window on your desktop (be it a Linux or NT desktop). You need some serious horsepower to do it, a minimum of 96 MB of RAM for VMware, but when you have the horsepower it's incredible!

76327.711: 96 MB RAM is no longer "serious" horsepower. Most PCs we install today have 128 MB.

JLWALLEN: You're correct. Call me old-fashioned or just old.

VINCENT DANEN: Well, 96 MB is a little light for Vmware, I think. I've run it on a P2-350 with 192-MB RAM, and although it works decently, I'd definitely opt for a higher CPU. I'd also say a minimum of 128 MB of RAM and 500 MHz processor just to have a nice experience with it.

JLWALLEN: I have VMware on a PIII 550 with 128 MB of RAM and it sings.

VINCENT DANEN: Jack, that's a decent machine for VMware. I believe that it hums.

76327.711: Where do you obtain VMware?

JLWALLEN: It's a download you can get from www.vmware.com (about 5 MB I think).

Webmin
JLWALLEN: If you've ever used Caldera 2.4, you've seen the Webmin tool, which is an amazing remote Web interface. Although you can install that on pretty much any distro, Caldera is the only one installing it out of the box. Is Mandrake planning on implementing any “remote” solutions? I'm thinking the server market could really use such an admin tool.

VINCENT DANEN: Take a closer look at 7.1, Jack! Webmin is installed with Mandrake 7.1. You just need to set it up; it's disabled by default.

JLWALLEN: That's great! It's a really amazing tool! I've yet to get a copy of 7.1.

VINCENT DANEN: I've never tried Webmin myself (call me old-school, but I still prefer the console to anything else, and I try to not load Netscape as much as possible).

JLWALLEN: I understand about console. It really is the single most trustworthy tool, but for new users (and for those without the time to learn a jillion commands and arguments) it's ideal.

VINCENT DANEN: I love the console, but the GUI is a necessary evil.

JLWALLEN: What about “thin client”? How well does Mandrake handle such needs?

VINCENT DANEN: Jack, it depends on your definition of thin client. I've heard many different definitions. Give me yours, and I'll answer.

JLWALLEN: I’m referring to putting all applications on a server and allowing the “clients” to download the applications and work remotely. It's like "export DISPLAY='clientIP:0'" (and some other stuff).

VINCENT DANEN: Oh, okay. You can do that in Mandrake just as easily as any other distro. I've run programs like gkrellm and x-chat on my desktop that were located on the server by using ssh to tunnel everything. It works very nice.

JLWALLEN: I've never done “tunneling.” Could you explain that?

76327.711: Please give us more information about ssh tunneling. When you’re running DOS/Windows across a WAN, will only screens be sent to the PCs, or will the entire program have to load?

VINCENT DANEN: In tunneling, you basically log in to the remote machine using ssh. Your "tunnel" is established. Then you make use of ssh's port forwarding tools. For example, instead of creating a link to the remote machine directly, you create a link to another port on the local machine. This port is handled by ssh, which then forwards the traffic on that port through the encrypted tunnel. The traffic is then taken by the ssh server on the remote machine and forwarded to the appropriate port on that machine. Does that make any sense?

JLWALLEN: Wow, that's a lot to take in. It sounds like we need a Drill Down about this topic.

76327.711: It makes sense, but what is actually happening? Is the program loading on the remote computer just like it would on a traditional NetWare LAN?

Ipchains as security
JLWALLEN: Is Mandrake planning on keeping ipchains as its primary security tool?

VINCENT DANEN: Jack, for the time being, the answer is yes. There is supposed to be a new tool with the 2.4 kernel, kind of like how ipfwadm was for 2.0.x, and ipchains is for 2.2.x. This new tool is one step up on ipchains and is supposed to be easier. So for the time being, yes, ipchains is the man. In the future, that's anyone's guess. Just to drive the point home, we're changing from inetd to xinetd for the next release because xinetd has better security and more features.

Kernel-Web-server
JLWALLEN: What about the new Web server that is integrated into the kernel. I don't remember what it's called, but what does Mandrake think about it? Any plans on looking into such an animal?

VINCENT DANEN: I can't speak for Mandrake completely on this one because I don't know. There has been no discussion about it that I have seen, which leads me to believe that it probably will amount to nothing unless we put together a small "slim-server" sub-distro of some sort.

JLWALLEN: I realize that Apache is the Web server, but when something like this comes along that blows away all other benchmarks, you can't help but wonder.

VINCENT DANEN: True, but does it offer the same functionality as apache or roxen? I don't know much about the kernel-Web-server, but I can't imagine that it will do half as much as what apache does, especially if they want to keep it in the kernel.

JLWALLEN: I was a bit leery about a Web server that was actually part of the kernel. It seems to me that the only way to keep Linux as stable as it is is to leave the kernel alone.

VINCENT DANEN: I agree. Or keep things that belong in a kernel in the kernel. The only reason I see the need for a Web server in the kernel is for embedded systems. For a normal distro, I don't see the need.

JLWALLEN: I think that may have been the point of this Web server, but the numbers were like four times that of the current fastest server, so naturally, it made people look.

JCMCINTYRE: Would a kernel-based Web server be useful for the crusoe-based devices when they reach the market? It might make a full-fledged Web server, but it could be used for some well-defined needs.

VINCENT DANEN: Yeah, I think a kernel-based Web server will have a place in crusoe-based devices or on certain crusoe-based devices. I don't think embedded Web servers will become a mainstream thing by any means, but I can see why they might be useful in some areas (i.e. routers that permit Web-based configuration). Having the Web-server embedded in the kernel in that instance makes sense.

JCMCINTYRE: It seems reasonable that a kernel-based server would be a good match for the crusoe devices, although nobody seems to know what those devices are going to be yet.

VINCENT DANEN: Yeah, that makes it a little difficult to tell. But, considering the size and design of crusoe, it leads you to make some interesting conclusions on what they could be used for.

JCMCINTYRE: Precisely. It's nice to talk to an insider.

VINCENT DANEN: I'm not an insider when it comes to crusoe... honest! I probably know less than you do.

Mandrake’s strengths
JLWALLEN: What would you say is Mandrake's greatest strength in the server space? Dynamic Web hosting? Firewalling? File serving?

VINCENT DANEN: Oh boy, tough question. I don't think I can honestly answer that. But let me put it this way. I run a six-computer network here, all of them run Mandrake except one Win98 machine. Two of the machines are dedicated servers. They run named, Apache, qmail, irc, ProFTPD, ssh, samba to serve files; one is also a print server. At one point, I did have NIS installed to centralize information on the network. Mandrake did all this and did it well.

VINCENT DANEN: Just out of curiosity... how many people here are running or have looked at Mandrake 7.1?

JCMCINTYRE: I have 7.1 here, and I will probably install it soon. After I finish the article I'm working on now. I've heard a lot of good stuff about it.

VINCENT DANEN: An article on Mandrake? Or am I too optimistic? You'll like it... trust me. It works really slick.

JCMCINTYRE: No, the article is on www.tripwire.org.

VINCENT DANEN: I agree; 7.1 sounds fantastic. I'm really excited about what the future holds, especially with embedded Linux apps. I so badly want a PDA/portable MP3 player that runs Linux.

ANDY_DAVIS: I have 7.1 running on this laptop.

76327.711: I just got 7.0 and am ready to load it. Am I already way behind the curve?

VINCENT DANEN: Nope, 7.0 is a good starting point. Nice and stable. You're behind, but not that far behind.

JCMCINTYRE: No, you are not behind the curve. The fact that you are in this discussion proves that.

Expanding Linux to the desktop
JLWALLEN: Okay I'm curious... servers. I realize that this is a discussion about servers, but I think this is related. How does Linux continue to grow beyond the server market? We all know that Linux has proven itself a heavyweight in the server space, but it seems the public is so reluctant to take it seriously on the desktop.

ANDY_DAVIS: Mandrake and Caldera are the most popular distros in my shop so far.

Mandrake versus RedHat
JCMCINTYRE: Is Mandrake just RedHat customized for the Pentium?

VINCENT DANEN: No! Don't let anyone tell you Mandrake is just RedHat+Pentium opts! That is so totally untrue. There are many differences between Mandrake and RH. Being a Mandrake developer, I can honestly tell you that some of those differences are annoying as heck.

VINCENT DANEN: Well, I don't know if everyone knows this or not, but I handle the security updates for Mandrake. There was recently some hoopla about PAM, so I went to explore it. It looked as though RH modified the source code directly instead of applying patches. This makes my job harder, as I have no idea what they did without diffing the entire source against the (pristine) source that Mandrake ships in its srpms.

JLWALLEN: Okay, so why is applying patches better than rewriting the source?

VINCENT DANEN: Let’s put it this way. In order for me to evaluate if a security flaw exists in the PAM we ship (after our own patches), I need to know what they changed. If they change the source directly, I have no idea what they changed. If I can look at a patch, I know exactly what's been changed.

Server installs
JLWALLEN: When is Mandrake, or any distro for that matter, going to make an installation routine that offers choices like file sever install, Web server install, FTP server install, DNS server install, and so on? That would be so amazing!

VINCENT DANEN: I think when an "ISP-version" sub-distro comes out. From my understanding, talking with Debian developers, potato(? the new one) will have install classes like that. Not sure on when or if Mandrake will do the same thing.

ANDY_DAVIS: Jack, do you mean that when you select server, you would be prompted further for ftp or DNS, and so on?

JLWALLEN: Yes, Andy. Can you imagine how that would take the industry by storm? At least, I think it would. It just might be the catalyst to fully take the server market from Microsoft.

ANDY_DAVIS: Jack, it would be great.

JCMCINTYRE: It would also attract new users. The amount of software and code involved with Linux downloads overwhelms people used to running Windows.

VINCENT DANEN: I think it would be a good idea, too, especially for people who just want an FTP server on their machine and nothing else or just a firewall, and so on.

JCMCINTYRE: I've often wondered why the vendors don't organize their sites for those purposes already.

ANDY_DAVIS: Yeah, it would be great if the server install drilled you further for a specific server type.

JLWALLEN: Take the Red Hat installation (I'll preface this by saying that I'm a huge Red Hat fan); you install a GNOME workstation and you have no (or little) FTP capabilities. Imagine having a distro that could install only what you needed. It would optimize a server to the fullest extent of the distribution! And we know how Linux can be optimized.

VINCENT DANEN: I think it's because of the work involved. You have to look at various install classes. The first thing you need to figure out is the absolute base system for any install class. Then you have to build up from there and branch. For example, in a Web class, you'll want apache, probably php, and perl, and so on. In the FTP class, you just want wu-ftpd or proftpd. In a database class, you'll want mysql. Then, to make it tougher, you throw in variables. Which FTP server? Which web server? MySQL or PostgreSQL? Then you throw in combinations; webserver+ftp server, or webserver+database server, or all three. What about IRC? What about DNS services? That's a lot to keep track of. And all you end up doing is seriously bloating the installer, which no one wants. Now, I'm probably making it sound more difficult than it might be, but that's how I see it.

JLWALLEN: But if it could be pulled off.... Wow! With Loki creating some incredible installers, and with Installshield soon to be supporting Linux, you never know. It's an exciting time to know Linux.

VINCENT DANEN: That's for sure. Things are being rapidly developed, rapidly changing, and rapidly getting better!

JLWALLEN: What is Mandrake going to do about FTP? Wu-ftp is just not what it needs to be.

VINCENT DANEN: We've got pro-ftpd in the main distro now, so you'll be offered a choice. Wu-ftpd will be there for "legacy" systems, kind of like how we default to postfix but sendmail is still in there as well (and, if I get the okay from the author, qmail too).

JLWALLEN: I know you're fond of pro-ftp. Are you pushing for that app over wu?

VINCENT DANEN: For sure! Pro-ftpd rocks! And it's much more secure. It took me a bit to convince Mandrake to put pro-ftpd into main distro, but I did it. Hopefully for the next version, pro-ftpd will be the default with wu-ftpd as the runner-up.

JLWALLEN: Wow! So it sounds like Mandrake is going to offer a heck of a lot more choices!

VINCENT DANEN: Yes. There are a lot of choices now, but we want to increase that. I'm sure that those of you who checked out 7.1 saw that we added another cd of stuff.

ANDY_DAVIS: Yeah, I'm still going through it all. It’s nice, and with the apache-like syntax, it's easier to understand; it’s a familiar dialect to me.

VINCENT DANEN: For sure! proftpd took me ten minutes to set up the first time. It was easy! And the nice thing about it is you can also jail users into their own home directories.... Gotta love chroot in an FTP server that is simple to set up.

JLWALLEN: Can you explain the difference between pro and wu?

VINCENT DANEN: Pro=secure, wu=not. Seriously, that's what it boils down to. And configuration in wu is bad; it’s not very good at all. Pro-ftpd uses apache-like syntax for the config file and supports virtual hosts (well, as much as any FTP server can since virtual FTP servers are not the same as virtual Web servers). All the way around, pro-ftpd is a better product, make no mistake! Wu-ftpd is legacy, it's old, and it's had too many problems. They're still finding buffer overflow problems in it! Considering how often new security advisors come out for wu-ftpd. It needs a complete rewrite. Obviously, code audits aren't doing the trick.

JLWALLEN: If that's the case, why are all the distros defaulting to wu?

VINCENT DANEN: It's a defacto standard and has been for a long time. It’s the same reason many default to sendmail, which is just as bad a choice (in my opinion).

JLWALLEN: Do you have the same kind of problems with sendmail?

VINCENT DANEN: Sendmail has had a bad security history also. Postfix, exim, qmail—none of them have had as many security problems as sendmail, so I'd recommend any of them over sendmail any day of the week. Plus the .cf files are archaic.

JLWALLEN: I'm working on procmail right now. It has the same syntax as sendmail, but boy can it do some work! Granted, it's not an MTA like sendmail and Qmail, but the syntax is frustrating.

VINCENT DANEN: Procmail is nice. I actually find procmail recipies easier to understand than sendmail .cf syntax. Don't ask me why, but you can get away with doing some easy things with it like sorting mailing lists into mailboxes. I love that feature.

Raising Linux’s acceptance
MODERATOR: I have a question for everyone. Where do you think the focus needs to shift in order for Linux to reach a higher acceptance? Is it enterprise? Server? Desktop? New users?

JCMCINTYRE: People think Linux is strictly for geeks. Therefore, it must be from the ground up. Every comment I hear about Linux is "you really need to know what you're doing"

HAROLD966: I say new users.

VINCENT DANEN: Personally, I think it's desktop. I don't care what anyone says, you can't beat a Linux server. However, it's desktop users who make up the largest market of computer users. They're the ones who need to be reached. That means more stable desktop/GUI apps and more games.

Assisting the Linux community
MODERATOR: What do the informers (like TechProGuild) need to offer to the Linux community to help them along?

VINCENT DANEN: I think what someone needs to come up with is a list of well-known Windows apps that people use and list the Linux counterparts so that people know that there are viable alternatives. A chart like that will dispel some myths about Linux as well I think.

76327.711: I think that practical "how-to" articles are the best kind.

MODERATOR: So what I'm hearing is that there needs to be more Linux training?

JCMCINTYRE: That’s pretty much it. People assume Linux is much more complex than it is.

VINCENT DANEN: I agree completely with that statement. Too many people think you need to be a genius or hacker to get anything out of Linux.

JCMCINTYRE: Too much literature assumes knowledge. As a trainer, I'm not impressed with a lot of Linux books and Web sites.

76327.711: Yes, training is needed, for example, how-to install a desktop system, how-to install a server that works "right out of the box," etc. Windows is a near brainless install today. Having Linux with this ability is the only thing that will really push it to the masses.

ANDY_DAVIS: It's getting there with each new release. I think the install is a major factor and then an intuitive interface.

76327.711: With NetWare we document each step, successful and failed, for the first machine we load with each new version. Makes future installs much easier.

JCMCINTYRE: Windows was a success because it was easy to learn.

KENC: I think that the install is going to have to improve. I installed 7.1 and still don't have sound or 3D video working. How about some info on setting these up if they don't install the first time?

76327.711: Yes, the "what-if's" are required for items that don't load properly the first time around.

ANDY_DAVIS: Maybe we need a dummied down version but leave a big icon, "click here if you want to have more flexibility."

VINCENT DANEN: KenC, a lot of that is a problem, yes, but it's a hardware problem more than an installer problem. Linux still has a ways to go with the newer hardware, which is something else we need. We need hardware manufacturers writing their own drivers so we don't have to hack them up ourselves, which results in errors and slowness.

76327.711: That’s easy to solve: if it looks like you need a more current driver, visit the mfg's Web site.

MODERATOR: But how-to documentation on what level? When I got out and search it seems there is very little “usable” information on “learning Linux.” It seems to miss the point.

76327.711: "How-to" means documentation of a successful install: step 1 to whatever that anyone can follow.

VINCENT DANEN: I suggest you check out MaxOS next month for how-to instructions. It's dummy-proof...no joke.

JCMCINTYRE: As a trainer, I find too many people can't simplify Linux. Too many people start out by telling learners the topic is complicated.

MODERATOR: What I'm getting at is, as the Editor-in-Chief of Linux Content, I'm looking to focus on what the users/readers need. My specialty is training new users and the desktop. Vincent's (he's one of my best writers by the way) specialty is networking. I plan on a long series of “how-to's” that focus on the new user. The problem is making sure you cover your bases and that every level of knowledge gets its fair share. But I think (or assume) that there needs to be a push to teach (or show) people how easy Linux can be. Am I way off here?

JCMCINTYRE: No.

76327.711: Sounds O.K. to me. There is no such thing as a "typical" install of course, but if you're working off someone else's successful checklist you stand a better chance of being successful yourself.

VINCENT DANEN: I don't think you’re on the wrong track. This is where I think tradeshows and the like are a benefit, even to the local flea market. Point in fact, I had Caldera installed on a machine at a tradeshow, and it generated a lot of interest, especially when people realized they weren't looking at Windows. It's amazing to hear that nine out of ten people are frustrated with Windows when you ask them about it!

Linuxconf’s future
JCMCINTYRE: Do you folks think Linuxconf has a future? I like it, but editing files gives me flexibility.

VINCENT DANEN: I think Linuxconf or other variants have a future. I, too, prefer editing the config files by hand, but not too many people feel the same way as we do. Too many people are used to a menu interface for configuration, and tools like Linuxconf and yast provide it.

JLWALLEN: I use a combination of Linuxconf and script writing, but I primarily use netconf. I rarely use the full-blown Linuxconf.

Linux grab bag
MODERATOR: Anyway, we've run out of time ladies and gentlemen. It's been a great time! Thank you so kindly for your input. If anyone has any suggestions about what we spoke about tonight, or anything else Linux related, please don't hesitate to e-mail me at jwallen@techrepublic.com.
Our Guild Meetings feature top-flight professionals leading discussions on interesting and valuable IT issues. You can find a schedule of Guild Meetings in your weekly TechProGuild Notes TechMail, or on the Guild Meeting calendar.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

Editor's Picks

Free Newsletters, In your Inbox